Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this talk, Andreas Weichslgartner from CARIAD will show how contemporary software engineering can help to write more secure code and detect vulnerabilities already during development. He will revisit historical vulnerabilities in the automotive space and take a look at common classes of bugs present in embedded software. Using these examples, he will show how modern programming language evolution and tooling can tackle and prevent these issues.

All organizations should have access to the skills needed to detect and contain threats. But typically, only the very largest enterprises can afford the millions in annual staff and infrastructure investments required to maintain a 24x7 Security Operations Center.

How do you secure your Docker containers against the latest vulnerabilities? What tools help your containers stay secure from the #Dockerfile through the runtime? Where is scanning most effective in the container lifecycle? We compiled a short list of security best practices to keep your #containers safe and answer these questions.

In this video, you will learn how to generate Veracode API credentials in the Veracode Platform and configure an API credentials file for storing your API credentials on Windows. Veracode API credentials consist of an ID and secret key. You use these credentials to access the Veracode APIs and Veracode integrations. API ID and key authentication provides improved security and session management for accessing the APIs.

Datadog Application Security Management allows you to quickly detect and remediate meaningful attacks targeting your application. This demo shows you how Application Security Management can help you identify at-risk services, block authenticated bad actors, and view code-level vulnerabilities to take action fast.

Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

Li Yuekang from NTU Singapore, & Dr. Sheikh Mahbub Habib from Continental present this talk. Software testing typically requires these three steps: Researchers have been focusing on improving the test case generation and execution feedback analysis while the topic of target program execution is under-studied, because executing the target program seems to be an easy task. However, through industry practice, they find that target program execution can be challenging for libraries or IoT software.

Collecting information on cyber threats and analysing data on a regular basis is essential to ensure your defenses are tight and to allow you to pre-empt potential attacks. Richard Cassidy and Josh Davies, experts in the cyber threat intelligence field, join us today to discuss how collaboration between cyber professionals when it comes to data and intelligence is essential for keeping your environment secure in a world where threats evolve on a daily basis.

A default Kubernetes cluster isn't safe by default. You have secrets in plain text, open and unencrypted pod to pod communication, insecure access, and much more to tighten down. In this video, we'll discuss 5 strategies to better secure your Kubernetes cluster from the outset.

CI/CD combines the practices of continuous integration (CI) and Continuous Delivery (CD) to allow DevOps teams to deliver code updates frequently, reliably, and quickly. CI/CD emphasizes automation throughout the development lifecycle (Buid, Test, Deploy). By replacing the manual efforts of traditional development, code releases can happen more frequently, and with less bugs and security vulnerabilities. At CrowdStrike, we focus on integrating security into the CI/CD pipeline. As part of the functionality of CrowdStrike’s Falcon Cloud Workload Protection (CWP), customers have the ability to create verified image policies to ensure that only approved images are allowed to progress through the CI/CD pipeline and run in their hosts or Kubernetes clusters.